Looking for Experian Products and Services?
We take your privacy seriously. This Experian plc Privacy Policy explains what personal information we collect from you and how we use it.
We encourage you to read this policy thoroughly. To make it easier, we've provided direct links to the information below:
1. Who is Experian and how can you contact us?
2. What information we collect
3. How we use your information
4. What are the legal grounds for handling personal information?
5. Who we share your personal information with
6. Where in the world do we send information?
7. Your rights to how we use your personal information
8. Problems with how we handle your information or rights
9. How we keep your personal information secure
10. How long we keep your personal information for
11. Changes to this Privacy Policy
Who is Experian and how can you contact us?
When we refer to ‘Experian’ in this Privacy Policy, we mean Experian plc.
Experian plc is the ultimate parent company of the Experian group of companies. Experian is incorporated and registered in Jersey as a public company limited by shares and is resident in Ireland. Its registered office is at 22 Grenville Street, St Helier, Jersey JE4 8PX, Channel Islands. The Company’s ordinary shares are traded on the London Stock Exchange’s Regulated Market (ticker: EXPN) and have a Premium Listing.
If there’s anything you’re unsure about in this Privacy Policy, feel free to contact us at our investor email address investors@experian.com.
What information we collect
We will need to ask you for certain personal information to give you the best possible experience when you engage with us (via our websites or otherwise) and when you use our services.
We or our third parties will also collect other information about you and the devices you use to access our website. We do this by using technologies like cookies. See also our Cookie Policy.
NOTE: Experian plc, the entity, does not collect, manage or store consumer credit or business credit information. That information is collected by the Experian entity in the country in which a person or business resides or is registered. Please refer to the country contacts page here to help you contact Experian in your country.
Types of personal information we will ask for or collect:
Contact Information
When you apply for Experian services from this website we will ask you to provide some contact information. Contact information may include some or all of the following: Full name, email address, country, occupation and company. We will only retain your Contact information for as long as required to provide you with the information and services that you’ve shown an interest in, or for as long as there is a continuing need to retain it.
Device Information
We also collect certain data automatically from your visit to our website or use of our services may include some or all of the following: how you move through this website (see our Cookie policy – click here). We will only retain your Device information as long as there is a continuing need to retain it.
Other
Finally, we also collect information on meetings held with Experian including the date, time, place, meeting subject, and who from Experian you met with. We will only retain this information as long as there is a continuing need to retain it.
How we use your information
We use your personal information in lots of ways to make our services as effective as possible.
We use your information for:
To enable you to access our website and use our services
We will use your information to provide you with the services you have requested e.g. email alerts or invitations to investor meetings.
To provide and improve support
We will use your information to be able to provide and improve the support we provide to you (e.g. when you have questions or when you forget your log-in information).
For the investigation, detection and prevention of crime
We will use your information for the investigation, detection and prevention of crime (other than fraud).
For reporting and analytical purposes
We will use your information for reporting and analytical purposes e.g. to know where our investors may be based in the world and what institution they work at to enable us to improve our services and provide appropriate levels of support to our customers.
To provide alerts
We will use your information to provide alerts to you if you opt-in to them whenever ‘Alerts’ are part of the service we offer to you e.g:
To maintain our records and other administrative purposes
We will use your information to ensure that we maintain comprehensive and up to date records of the ways we process your personal information and other operational activities and therefore we will use the information you provide for record-keeping, updates and general administrative purposes.
For complaint and dispute resolution
Whilst we will try to make sure that you are happy with the service we provide and do not feel the need to complain, if you do complain to us, we will use the information we have about you to help us manage your complaint and to bring it to a close.
To comply with the law
Like any other business, we are required to comply with many laws and regulations. We will, where necessary, use your information to the extent required to enable us to comply with these requirements.
For Investor Relations activity
Like other listed companies Experian needs to provide information to its shareholders. This includes maintaining contact with institutions and companies interested in investing with Experian, even after an analyst has left that institution. We therefore use information about past meetings between Experian and potential shareholders or current shareholders in order to provide required Investor Relations activities and services in the future.
Further uses of your personal information not described in this Privacy Policy
If we use your personal information for any purposes that are not set out in this Privacy Policy, we promise to let you know exactly what we will use it for before we go ahead and use it.
What are the legal grounds for handling personal information?
Consent
Where we collect other information from you such as when we use cookies to collect information about the device you use to access our website, or sometimes third parties collect it on our behalf. You will be asked to consent to this before using our website. If you choose not to give your consent, or you later remove your consent, this may affect our ability to provide the services you want, to you. We may also rely on the consent ground for handling your personal information in the following scenarios:
Legitimate Interests
In the United Kingdom, we can also use personal information where the benefits of doing it are not outweighed by the interests or fundamental rights or freedoms of data subjects. The law calls this the “Legitimate Interests” condition for processing. E.G:
• Helping to prevent and detect crime such as fraud and money laundering. Fraud and money laundering cost the British economy many billions of pounds every year. That cost is ultimately passed on to the public in the form of higher prices. By helping to avoid fraud such as identity theft, we help to stop this from happening.
• Running a credit bureau. By providing credit information to lenders about a consumer’s creditworthiness a credit bureau is helping to avoid over-indebtedness of consumers, especially vulnerable consumers and the negative effects of excessive debt.
Complying with/supporting compliance with legal and regulatory requirements.
We must comply with various legal and regulatory requirements. Additionally, the services we provide help other organisations to comply with their own legal and regulatory obligations. For example, Experian is regulated by the Financial Conduct Authority.
The legal grounds (from above) we rely on when processing your information are:
To enable you to access our website and use our services we rely on the legal basis of Consent and Legitimate Interest:
• Consent for email alerts. You can unsubscribe from these emails. alerts at any time by clicking the ‘unsubscribe’ option at the bottom of any email you receive from us.
• For webinars and meeting information we rely on the legal basis of Legitimate Interest. The collected information is necessary to provide you with the requested services.
To provide and improve customer support we rely on the legal basis of Legitimate Interest:
• We collect your personal information so we can contact you via email and phone to ensure you receive a high level of customer service.
For the investigation, detection and prevention of crime we rely on the legal basis of Legitimate Obligation:
• Processing is necessary for compliance with a legal obligation.
For reporting and analytical purposes, we rely on the legal basis of Legitimate Interest:
• This will enable us to improve our services, and to provide appropriate levels of support to the general public, investors and analysts.
To provide email alerts we rely on the legal basis of Consent:
• You can unsubscribe from these email alerts at any time by clicking the ‘unsubscribe’ option at the bottom of any email you receive from us.
To maintain our records and other administrative purposes we rely on the legal basis of Legitimate Interest:
• Like any business, we need to ensure that we maintain comprehensive and up to date records of the ways we process your personal information and other operational activities and therefore we will use the information you provide for record-keeping, updates and general administrative purposes.
For complaint and dispute resolution we rely on the legal basis of Legitimate Interest:
• Whilst we will try to make sure that you are happy with the service we provide and do not feel the need to complain, if you do complain to us, we will use the information we have about you to help us manage your complaint and to bring it to a close.
To comply with the law, we rely on the legal basis of Consent and Legitimate Obligation:
• Processing is necessary for compliance with a legal obligation.
For Investor Relations Activity, we rely on the legal basis of Legitimate Interest:
• We need to understand which institutions we have previously interacted with, even after an individual has left those institutions, in order to better fulfil requests from those institutions in the future.
Who we share your personal information with
We share your personal information only with those persons who need to handle it so we can provide the Experian services you’ve signed up to. We also share it with companies within the Experian group who manage some parts of the services for us; with suppliers who provide services to us which require access to your personal information only; and with resellers, distributors and agents involved in delivering the services we provide where necessary for them to do so.
Lastly, we may also provide your personal information to fraud prevention agencies. This is to protect the Experian group of companies and our customers, to keep our systems secure, or where it’s necessary to protect either yours or our best interests.
Who and why we share your information with others:
1. Group companies
As a member of the Experian group of companies, we can benefit from the large IT infrastructure and expertise that exists within our business. This means that the personal data you provide to us may be accessed by members of our group of companies for support and administrative purposes.
2. Suppliers
We use a number of service providers to support our business and these service providers may have access to our systems in order to provide services to us and/or to you on our behalf.
3. Fraud prevention agencies
We will check your details with the records we hold and share with fraud prevention agencies. If false or inaccurate information is provided and fraud is identified, we will record this and details will be passed to the other fraud prevention agencies. Law enforcement agencies may access and use this information.
Please contact us at Experian Ltd, PO Box 8000, Nottingham, NG80 7WF if you want to receive details of the fraud prevention agencies.
We and other organisations may access and use the information recorded by fraud prevention agencies from other countries.
4. Public bodies, law enforcement and regulators
The police and other law enforcement agencies, as well as public bodies such as local and central authorities can sometimes request personal information. This may be for the purposes of preventing or detecting crime, apprehending or prosecuting offenders, assessing or collecting tax, investigating complaints or assessing how well a particular industry sector is working.
6. Individuals
You can obtain a copy of the information we hold about you. See section Your rights to how we use your personal information for further information on how you can do this.
Where in the world do we send information?
Experian plc is incorporated and registered in Jersey as a public company limited by shares and is resident in Ireland. It is listed on the London Stock Exchange in the UK. We also operate elsewhere in and outside the European Economic Area, so we may access your personal information from and transfer it to these locations as well. Don’t worry though, any personal information we access from or transfer to these locations is protected by European data protection standards.
Where we send your information and how it is protected:
While countries in the European Economic Area all ensure rigorous data protection laws, there are parts of the world that may not be quite so rigorous and don’t provide the same quality of legal protection when it comes to your personal information.
To make sure we keep your personal information safe, we apply strict safeguards when transferring it overseas. For example:
1. Sending your personal information to countries approved by the European Commission as having high quality data protection laws, such as Switzerland, Canada and the Isle of Man,
2. Putting in place a contract that has been approved by the European Commission with the recipient of your personal information that provides a suitable level of high quality protection, or
3. Sending your personal information to a member organisation approved by the European Commission as providing a suitable level of high quality protection. For example, the Privacy Shield Scheme that exists in the US.
Your rights to how we use your personal information
If our right to process or share your personal information is based on the fact that you’ve given us consent, you have the right to withdraw that consent at any time by clicking the ‘unsubscribe’ option at the bottom of any email you receive from us.
You can also ask for access to the personal information we hold about you and request that we correct any mistakes, restrict or stop processing or delete it. It’s worth noting that in some cases if you do ask us to correct, delete or stop processing it, we won’t always be required to do so. If that is the case, we will explain why. To request a copy of the personal information we hold about you, please follow this http://www.experian.co.uk/consumer/data-access/.
In certain circumstances (e.g. where you provide your information to us (a) with consent to process it or (b) where the processing is necessary for the performance of our contract with you) you can require that we provide the information we hold about you either to you or a third party in a commonly used format. This only applies if we are processing it using automated means. If you would like more information about this, let us know by contacting us at investors@experian.com.
Problems with how we handle your information or rights
We will try to ensure that we deliver the best levels of service for Investor Relations but if you think we are falling short of that commitment and if you wish to raise a concern please contact us at investors@experian.com.
If we cannot resolve things under that procedure, then you may have the right to refer your complaint, free of charge, to the Financial Ombudsman Service. The contact details for the Financial Ombudsman Service are: Telephone: 0300 123 9 123, or from outside the UK +44 20 7964 1000 E: complaint.info@financial-ombudsman.org.uk W: www.financial-ombudsman.org.uk Financial Ombudsman Service Exchange Tower London E14 9SR
You also have the right to contact the Information Commissioner’s Office (ICO), the supervisory authority that regulates the handling of personal information in the UK. You can contact them by:
1. Going to their website at https://ico.org.uk/
2. Phone on 0303 123 1113
3. Post to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF
You may also have the option to register your complaint using the European Commission Online Dispute Resolution (ODR) platform. This is a web-based platform that is designed to help consumers who have bought goods or services online to deal with issues arising from their purchase.
How we keep your personal information secure
Online privacy and security is the most important aspect of any customer service and we take it extremely seriously. We use a variety of the latest technologies and procedures to protect your personal information from unauthorised access, destruction, use or disclosure.
Our safeguards and security measures for handling your information:
We have put in place various safeguards to ensure that individuals’ whose personal information we handle are not unduly harmed by the activities we use their personal data for. These include making information available to individuals so that they understand how their personal data will be used by Experian, explaining their rights to obtain the information we hold and to have their information corrected or restricted and providing information about how individuals can complaint if they are dissatisfied.
We restrict access to your personal data to those employees, and third parties, who need to know that information to provide products or services to you. We maintain physical, electronic, and procedural safeguards to protect your personal data.
Experian have a comprehensive Global Security Policy based on internationally recognised standards of security (known as ISO27001 standard) and holds ISO27001 certification in the key areas of Global Security Admin team who are responsible for administering logical access to systems and in the Data Centre.
Experian has a dedicated Cyber Security Investigations team who safeguard Experian’s key assets such as its systems and storage facilities. This team, identify and effectively manage any security developments that may threaten Experian's people, process, or technology through intervention and the thorough investigation of security incidents. Experian holds Cyber Essentials Certification and performs risk assessments against our critical and external facing applications annually.
Experian is annually audited by an External QSA (Qualified Security Assessor) from Trustwave and have successfully maintained compliance since 2010.
How long we keep your personal information for
We’ll keep your personal information for the periods set out in the section ‘What information we collect’ above, and where we were not able to give a specific period, we will keep it only as long as we need it to provide the Experian services you’ve signed up to. We may also keep it to comply with our legal obligations, resolve any disputes and enforce our rights. These reasons can vary from one piece of information to the next and depend on the services you’re signed up to, so the amount of time we keep your personal information for may vary.
More details about the logic behind how long we keep your information:
Contact Information
Contact information such as names and email addresses are kept while there is a continuing need to retain it.
Device Information
Device information such as how you connect to the internet and screen resolution are kept while there is a continuing need to retain it.
Other
Other information such as information on meetings held with Experian including the date, time, place, meeting subject, and who from Experian you met with are kept while there is a continuing need to retain it.
In all of these cases, our need to use your personal information will be reassessed on a regular basis, and information which is no longer required for any purposes will be deleted/disposed of securely.
Changes to this Privacy Policy
We can update this Privacy Policy at any time and ideally you should check it regularly for updates. We won’t alert you to every little change, but if there are any really important changes to the Policy or how we use your information we’ll let you know and where appropriate ask for your consent.
See here for our old Privacy Policy (valid until 22 May 2018).